CVE-2021-1506Improper Input Validation in Cisco Catalyst Sd-wan Manager

CWE-20Improper Input ValidationCWE-862Missing AuthorizationCWE-863Incorrect AuthorizationCWE-415Double FreeCWE-667Improper Locking6 documents5 sources
Severity
7.2HIGHNVD
CNA9.8
EPSS
1.9%
top 16.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Catalyst Sd-wan ManagerCisco Sd-wan VmanageCisco Sd-wan Vmanage
Timeline
PublishedMay 6
Latest updateFeb 26

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

NVDcisco/sd-wan_vmanage< 20.3.3
NVDcisco/catalyst_sd-wan_manager20.420.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-mrxg-g8cm-vpc9: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to2022-05-24
CVEList
Cisco SD-WAN vManage Software Vulnerabilities2021-05-06

📋Vendor Advisories

3
Red Hat
kernel: ubifs: rename_whiteout: Fix double free for whiteout_ui->data2025-02-26
Red Hat
kernel: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback2025-02-26
Cisco
Cisco SD-WAN vManage Software Vulnerabilities2021-05-05
CVE-2021-1506 — Improper Input Validation in Cisco | cvebase